Root Cause Analysis Template

by Nash V

Root Cause Analysis

Root Cause Analysis (RCA) is a step-by-step process used to understand the underlying root cause of an issue or incident or anything that should not have occurred in the first place.

rca template, root cause analysis excel template, root cause analysis format
Root Cause Analysis Template

Best Practices for Root Cause Analysis

  • Always start documenting the root cause by using the root cause analysis excel template as soon as it has occurred, or you are informed. If you leave it for too long, people might forget what happened and how it happened.
  • Pick your team carefully, as the last thing you want is to manage conflicts.
  • Start filling the RCA form ASAP; even if some information is missing, have the draft started.
  • Conduct an initial meeting to understand the first-hand experience of impacted people.
  • Make sure you have a mechanism in place to follow-up on action items by having an action plan.
  • Do a dry run or share the report with key stakeholders so that you can get early feedback.
  • Ensure you get the required approvals before closing the analysis.
  • Give importance to all the perspectives - Technology, Marketing, Finance, etc.
  • If possible, include a team member from different areas of the company.
  • Always be sensitive about the people involved as the reason to do the root cause analysis is to make sure similar issues do not happen again and not punish the people involved.
simple root cause analysis template, Root Cause Analysis Impact

Root Cause Analysis Impact

About the Root Cause Analysis Excel & PPT Template

The root cause analysis excel template aims to capture all the key information related to an event or issue.

  • Event - Clearly define an event name. Keep it short and nice.
  • Date and Time - Specify when the event occurred. If multiple times then mention all the times.
  • Impact Assessment - This section should document what actually happened in much detail. Also, mention the impact the issue had on business in detail. Don't worry about the exact times, as you will be documenting that in the timeline section.
  • Previous Occurrences - Mention if there were any previous occurrences of similar issues. You need to be accurate with this information because the senior management is sure to ask tough questions when they know this had happened in the past and the root cause has not been fixed.
  • Timeline of events - This section will capture what actually happened with time details—document only high-level phases with time stamps.
  • Analysis Approach - Document how you approached the analysis. Explain briefly what are the different steps you took to conduct the analysis.
  • Action Items - These are actions of tasks coming out of the root cause analysis. Each action should have a target date and individual names associated with it. Also, ensure that reminders have been set for these action items. Here is a sample action item template for reference.
  • Residual Risks - Document the risks which will continue to exist after the incident. Also, document if the risk will be mitigated by closing off any action item. Assigning the right risk rating is also important.
  • Last but not least, ensure the report is signed off by the appropriate authority.
Residual Risks, rca template

Residual Risks

Example of Root Cause Analysis in IT

Event: Security Breach

Date & Time : 13-June-2017, Friday 1:00 PM

Manager: Swapnil Wale


  • 13-June-2017, 12:45 PM: During a routine system upgrade, some of our security protocols were not followed, leading to our exposed network.
  • 13-June-2017, 1:00 PM: Possible hackers breached our network and were able to get access to our customer database.
  • 13-June-2017, 1:20 PM: Internal staff was alerted to a potential intruder. Upon getting the alert, our internal network was shut down to avoid further loss.
  • 13-June-2017, 1:30 PM: Security Manager was informed about the incident. The security manager then alerted senior management and logged a security breach incident.

Impact Assessment

During a routine system upgrade, some of our security protocols were not followed, leading to our network being exposed.

Possible hackers breached our network and were able to get access to our customer database. Customers have been informed about the security breach. IT team is in the process of identifying the affected customers.

  • Customer Impact: High
  • Brand Impact: High
  • Contractual Impacts: Low
  • Financial Impact: Medium
  • Productivity Impact: Low
  • Data Loss: Low
  • Privacy Breach: High

Action Items

  • Review our systems upgrade procedure to find gaps.
  • Review internal processes to ensure IT Team needs to know the communication plan when incidents occur.
  • Implement system changes to enhance security protocol to make our security robust.

Residual Risks

  • Until the policies and procedures are not updated, there will be a risk of a security breach happening again - Critical.
  • As IT Team is still analyzing the impact, the severity of the impact assessment could change. The severity could either go up or down depending on the outcome - Medium.
RAID Management Pack